开发者

how to forbid process termination by regular user?

I cannot implement it as a windows servic开发者_JS百科e because my process has to interact with desktop and it's prohibited in Windows 7.

What is the simplest way to accomplish this? Starting under another (privileged) user? How to do this?

My users are not hackers, just an operators, so some "dumb" methods like hiding from task manager would help too.

EDIT: some clarification according to provided answers

my process doesn't have any GUI, so I'm trying to avoid killing the process from task manager

my process is a client of a supervising system that has to monitor user's desktop, so it has to interact with desktop

EDIT 2:

can I use a windows service that will start separate process in user session under system account (since my service is running under system account)? can user kill this child process?


You could disable the task manager using a Group Policy and hide the close button from you application's window and the reaction on [Alt+F4].


after long digging I found acceptable answer here: Prevent user process from being killed with "End Process" from Process Explorer

works fine if you're logged in as a regular user, you cannot kill the process from Process Explorer. Admin still can kill it because has sufficient privileges. it's exactly what I needed


Closing the (root) window doesn't mean stopping the process – when the message pump loop exists you could just re-start it with a new window (clearly if you are using a framework there is probably a wrapper around this).

But if a user owns a windows object (like a process) they can always delete (terminate) it. But running as a different user that user's credentials will need to be stored in a way that's accessible to the launcher running as the current user.

To help more specifically I think we need to understand why:

because my process has to interact with desktop

is a requirement.


From this MSDN blog:


This is how you do it:

Get the user token by calling

WTSQueryUserToken (WTSGetActiveConsoleSessionId (), &hToken) ;     

Use this token in CreateProcessAsUser.


You just need to call WTSQueryUserToken from your service, and launch the process - it works on Windows 7 too!

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜